
Untitled

a guest
Feb 19th, 2020
// The article parameter is assigned to the $articleid variable without any sanitization or validation:
$articleid = $_GET['article'];
// The $articleid variable is then passed as part of the query. Easy. This is just a simple select statement, like below.
$query = "SELECT * FROM articles WHERE articleid = $articleid";
If you were to set the value of the parameter to 1 AND 1=1, the query subsequently becomes:
$query = "SELECT * FROM articles WHERE articleid = 1 AND 1=1";
Now, if we simply use logic here, one can come to the conclusion that 1 is not equal to 2, right? If a user changes the parameter to 1 AND 1=2, the query returns nothing, because 1 is not equal to 2!
Bingo. With 1 AND 1=1 the article comes back: there is an article with an ID of 1, and 1 equals 1, which is true. I think, right? I don't know, it's been a while since I took 2nd grade math. Because of this knowledge, you can now adjust the string yourself.
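The query above beside a hardened version, as an added example that is not part of the original paste. The in-memory SQLite table, its sample rows and the two function names are assumptions made for the demonstration.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the page's `articles` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE articles (articleid INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO articles VALUES (1, 'First article'), (2, 'Second article')");

// Vulnerable form from the page: the parameter becomes part of the SQL text,
// so "AND 1=1" / "AND 1=2" are parsed as SQL conditions.
function fetch_article_vulnerable(PDO $db, string $articleid): array {
    $query = "SELECT * FROM articles WHERE articleid = $articleid";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate that the value is a positive integer, then bind it
// as data through a prepared statement so it can never change the query.
function fetch_article_hardened(PDO $db, string $articleid): array {
    $id = filter_var($articleid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('article must be a positive integer');
    }
    $stmt = $db->prepare('SELECT * FROM articles WHERE articleid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The three parameter values discussed on the page.
foreach (['1', '1 AND 1=1', '1 AND 1=2'] as $input) {
    $vulnerable = count(fetch_article_vulnerable($db, $input));
    try {
        $hardened = count(fetch_article_hardened($db, $input)) . ' row(s)';
    } catch (InvalidArgumentException $e) {
        $hardened = 'rejected';
    }
    printf("%-12s vulnerable: %d row(s)  hardened: %s\n", "'$input'", $vulnerable, $hardened);
}
```

The differing row counts for the last two inputs in the vulnerable function are the sign that request data is reaching the SQL parser; the hardened function rejects both before any query runs.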
There can be various other username and password combinations to play with on the vulnerable sites. You can even create your own new combinations for the site login page. I will get to finding that information later in the guide.
Some sample combinations can be:
username:' or 1='1 password:' or 1='1
username:' or '1'='1' password:' or '1'='1'
username:or 1=1 password:or 1=1